Hi, I'm new today so I hope I'm doing this right; couldn't find anythng by Searching(both here DAL and the internet search engines).

I think I have a bug which Norton (NIS2006), Spybot1.4, MSanti & MSRT, and SpywareBlaster all haven't found (

When I double-click on any of several icons on my desktop (e.g. MSanti, SpywareBlaster), I get a little Windows Installer window (twice). If I notice it quickly enough, I cancel it but if I don't it puts a new icon on the desktop called "Sign up to Tiscali" which links to Program Files\Internet\SetupWD.exe which, of course, I haven't run!
It also creates a little tree in Program Files\Internet. I keep renaming or deleting it but it keeps coming back - whether I'm online or not connected.

I don't know how it does that - maybe it's corrupted explorer.exe ?

As a temporary measure (in case it's doing something nasty behind my back - can't help thinking it's not so easy to escape by just cancelling the installer window), I tried to rename MSIEXEC.EXE in system32 but that keeps regenerating itself too - is it supposed to do that. So I'm thinking maybe there's a process which is always running (like explorer?) that maybe uses a compacted/zipped file I can't find and keeps replacing these bad files.

Any idea what's going on ? What damage it might be doing me unwares ? And what I can do to get rid of it.

Thanks, Gerry )